virtual interfaces and snort; export

Author: Kevin Brown
Date:  
Subject: virtual interfaces and snort; export
wrote:

> We have a box set up with multiple virtual interfaces for purposes of
> multiple vlans and I want to send all syslog traffic or send all traffic
> out of a given interface.
>
> Can I use the export command for this? If not export how should I
> accomplish this?


I've played with snort quite a bit and don't quite understand what you want to
do. If the sniffer box is hooked up to a switch that has vlans and you make its
port part of all those vlans then there is no need for the virtual interfaces.
As for what interface it uses to communicate with a remote system, that is set
by the kernel routing table, not by snort. So if you really want to force
packets going to a certain IP (or subnet) then you just set up a static route in
the route table to control which interface it goes out as.

I could help more, but don't know if you are trying to do true NIDS (Network
Intrusion Detection System) or running snort on a system as a kind of Network
HIDS (Host Intrusion Detection System). I had snort listening to a silent
interface that was connected to a span port on a Cisco switch and a second
interface that had only the ability to reach one subnet on the entire network
(and only reachable from same subnet).
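
The routing-table point in the reply above, as an added example that is not part of the original message: a small model of the kernel's route lookup (longest matching prefix, then lowest metric) showing how one static host route moves syslog traffic to a chosen VLAN interface. The interface names, addresses and metrics are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a sensor with VLAN sub-interfaces.
# All names and addresses are hypothetical.
# Each entry: (destination prefix, egress interface, metric).
ROUTES = [
    ("0.0.0.0/0", "eth0.10", 100),    # default route leaves via VLAN 10
    ("10.10.0.0/16", "eth0.10", 0),   # connected subnet on VLAN 10
    ("10.20.0.0/16", "eth0.20", 0),   # connected subnet on VLAN 20
]

SYSLOG_SERVER = "192.0.2.50"  # constructed address, not on a connected subnet


def egress_interface(routes, dst):
    """Choose the egress interface for dst: the longest matching prefix
    wins, and the lowest metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for prefix, dev, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            # Negate the metric so that max() prefers the lower value.
            candidates.append((net.prefixlen, -metric, dev))
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return max(candidates)[2]


def with_static_route(routes, prefix, dev, metric=0):
    """Return a copy of the table with one static route added, which is
    what a static route added with `ip route add` does to the real table."""
    return routes + [(prefix, dev, metric)]


if __name__ == "__main__":
    # Snort has no say here: syslog packets follow the default route.
    print("before:", egress_interface(ROUTES, SYSLOG_SERVER))

    # A /32 host route for the syslog server pins it to VLAN 20 only.
    pinned = with_static_route(ROUTES, SYSLOG_SERVER + "/32", "eth0.20")
    print("after: ", egress_interface(pinned, SYSLOG_SERVER))
    print("other: ", egress_interface(pinned, "192.0.2.51"))
```
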